Security risk management system, server, control method, and non-transitory computer-readable medium

ABSTRACT

A security risk management system ( 305 ) of the present disclosure includes a server ( 310 ) and an agent unit ( 320 ) included in a terminal. The server ( 310 ) transmits vulnerability information to the agent unit ( 320 ) before the release date and time of the vulnerability information. The agent unit ( 320 ) investigates the presence or absence of vulnerabilities in the terminal based on information regarding a method for vulnerability investigation contained in the vulnerability information, and transmits vulnerability investigation results containing the investigation results to the server ( 310 ) before the release date and time of the vulnerability information. The server ( 310 ) presents the vulnerability information and the vulnerability investigation results on or after the release date and time of the vulnerability information.

CROSS REFERENCE TO RELATED APPLICATIONS

This application is a Continuation of U.S. application Ser. No.16/084,687 filed on Sep. 13, 2018, which is a National Stage ofInternational Application No. PCT/JP2017/011586 filed Mar. 23, 2017,claiming priority based on Japanese Patent Application No. 2016-061774filed Mar. 25, 2016, the disclosure of which is incorporated herein intheir entirety by reference.

TECHNICAL FIELD

The present disclosure relates to a security risk management system, aserver, a control method, and a non-transitory computer-readable medium.

BACKGROUND ART

Terminals used by companies are subject to security risks includingvulnerabilities in hardware or software. This raises a need forcompanies to manage the vulnerabilities of terminals in the companies.In recent years, a security risk management system that supports themanagement of vulnerabilities has been proposed (e.g., Patent Literature1).

CITATION LIST Patent Literature

Patent Literature 1: Japanese Unexamined Patent Application PublicationNo. 2009-015570

SUMMARY OF INVENTION Technical Problem

A company using a security risk management system generally managesvulnerabilities as follows.

After vulnerability information is released, a security administrator ofthe company investigates the presence or absence of vulnerabilities interminals in the company by using the security risk management system.

When a vulnerable terminal is found as a result of the investigation,the security administrator of the company develops and implementscountermeasures against the vulnerability by using the security riskmanagement system

However, once vulnerability information is released, there is a riskthat a terminal is attacked by a malicious individual or group ofindividuals, and it is necessary to reduce the time needed to takecountermeasures against the vulnerability.

The technique disclosed in the above-mentioned Patent Literature 1stores, in a database, countermeasures taken against vulnerabilities ofa terminal in association with a keyword indicating the type ofvulnerabilities. Specifically, the technique disclosed in PatentLiterature 1 is a technique that stores, in a database, countermeasuresagainst vulnerabilities which have been actually taken in a terminal,and it is not a technique that reduces the time needed to takecountermeasures against vulnerabilities.

An object of the present disclosure is to solve the above-describedproblem, and to provide a technique capable of reducing the time neededto take countermeasures against vulnerabilities.

Solution to Problem

According to one aspect of the present disclosure, a security riskmanagement system includes a server, and an agent unit included in aterminal, wherein the server transmits vulnerability information to theagent unit before a release date and time of the vulnerabilityinformation, the agent unit investigates presence or absence ofvulnerabilities in the terminal based on information regarding a methodfor vulnerability investigation contained in the vulnerabilityinformation, and transmits vulnerability investigation resultscontaining the investigation results to the server before the releasedate and time of the vulnerability information, and the server presentsthe vulnerability information and the vulnerability investigationresults on or after the release date and time of the vulnerabilityinformation.

According to one aspect of the present disclosure, a server includes acommunication unit configured to transmit, to an agent unit included ina terminal, vulnerability information before a release date and time ofthe vulnerability information, and receives, from the agent unit,vulnerability investigation results containing investigation resultsregarding presence or absence of vulnerabilities in the terminalinvestigated by the agent unit based on information regarding a methodfor vulnerability investigation contained in the vulnerabilityinformation before the release date and time of the vulnerabilityinformation, and a presentation unit configured to present thevulnerability information and the vulnerability investigation results onor after the release date and time of the vulnerability information.

According to one aspect of the present disclosure, a control method is acontrol method of a server, including a transmission step oftransmitting, to an agent unit included in a terminal, vulnerabilityinformation before a release date and time of the vulnerabilityinformation, a step of receiving, from the agent unit, vulnerabilityinvestigation results containing investigation results regardingpresence or absence of vulnerabilities in the terminal investigated bythe agent unit based on information regarding a method for vulnerabilityinvestigation contained in the vulnerability information before therelease date and time of the vulnerability information, and apresentation step of presenting the vulnerability information and thevulnerability investigation results on or after the release date andtime of the vulnerability information.

According to one aspect of the present disclosure, a non-transitorycomputer readable medium is a non-transitory computer readable mediumstoring a program causing a computer to execute a transmission step oftransmitting, to an agent unit included in a terminal, vulnerabilityinformation before a release date and time of the vulnerabilityinformation, a step of receiving, from the agent unit, vulnerabilityinvestigation results containing investigation results regardingpresence or absence of vulnerabilities in the terminal investigated bythe agent unit based on information regarding a method for vulnerabilityinvestigation contained in the vulnerability information before arelease date and time of the vulnerability information, and apresentation step of presenting the vulnerability information and thevulnerability investigation results on or after the release date andtime of the vulnerability information.

According to one aspect of the present disclosure, a non-transitorycomputer readable medium is a non-transitory computer readable mediumstoring a program causing a computer to execute a receiving step ofreceiving, from a server, vulnerability information before a releasedate and time of the vulnerability information, an investigation step ofinvesting presence or absence of vulnerabilities in a terminal based oninformation regarding a method for vulnerability investigation containedin the vulnerability information before a release date and time of thevulnerability information, and a step of transmitting, to the server,vulnerability investigation results containing investigation results inthe investigation step before the release date and time of thevulnerability information.

Advantageous Effects of Invention

According to the exemplary aspects of the present disclosure, it ispossible to reduce the time needed to take countermeasures againstvulnerabilities.

BRIEF DESCRIPTION OF DRAWINGS

FIG. 1 is a view showing a configuration example of a security systemaccording to a first embodiment.

FIG. 2 is a block diagram showing a block configuration example of avulnerability information distribution system and a security riskmanagement system according to the first embodiment.

FIG. 3 is a view showing a configuration example of the hardwareconfiguration of a computer that implements the vulnerabilityinformation distribution system, a server and a terminal according tothe first embodiment.

FIG. 4 is a flowchart showing an operation example that receivesvulnerability information from a vulnerability information transmissionsystem, creates vulnerability information data, and transmits thevulnerability information data to a server in the vulnerabilityinformation distribution system according to the first embodiment.

FIG. 5 is a view showing an example of vulnerability information dataaccording to the first embodiment.

FIG. 6 is a flowchart showing an operation example that receivesvulnerability information data from a vulnerability informationdistribution system and transmits the vulnerability information data toan agent unit in the server according to the first embodiment.

FIG. 7 is a flowchart showing an operation example that receivesvulnerability information data from a server, investigates the presenceor absence of vulnerabilities of a corresponding terminal, and transmitsvulnerability investigation results to a server in the agent unitaccording to the first embodiment.

FIG. 8 is a view showing an example of vulnerability investigationresults according to the first embodiment.

FIG. 9 is a flowchart showing an operation example that receivesvulnerability investigation results from an agent unit and stores thevulnerability investigation results into a vulnerability investigationresult storage unit in the server according to the first embodiment.

FIG. 10 is a flowchart showing an operation example that regularlychecks vulnerability information data in a vulnerability informationdata storage unit, decrypts the vulnerability information data whoserelease date and time is before the current date and time, and storesthe decrypted vulnerability information data again into thevulnerability information data storage unit in the server according tothe first embodiment.

FIG. 11 is a flowchart showing an operation example that displaysvulnerability information and vulnerability investigation results in theserver according to the first embodiment.

FIG. 12 is a flowchart showing an operation example that regularlychecks vulnerability information data in a vulnerability informationdata storage unit, decrypts the vulnerability information data whoserelease date and time is before the current date and time, and storesthe decrypted vulnerability information data again into thevulnerability information data storage unit in the agent unit accordingto the first embodiment.

FIG. 13 is a flowchart showing an operation example that displaysvulnerability information in the agent unit according to the firstembodiment.

FIG. 14 is a block diagram showing a block configuration example of asecurity risk management system according to a second embodiment.

FIG. 15 is a sequence chart showing an operation example of the securityrisk management system according to the second embodiment.

DESCRIPTION OF EMBODIMENTS

Embodiments of the present disclosure are described hereinafter withreference to the drawings.

(1) First Embodiment (1-1) Configuration of First Embodiment

(1-1-1) Overall Configuration

FIG. 1 shows a configuration example of a security system according to afirst embodiment. FIG. 2 shows a block configuration example of avulnerability information distribution system 210 and a security riskmanagement system 305 according to the first embodiment.

Referring to FIGS. 1 and 2, the security system according to the firstembodiment includes a vulnerability information transmission system 110placed in a vulnerability information providing institution 100, avulnerability information distribution system 210 placed in a securityrisk management system providing company 200, and a security riskmanagement system 305 placed in a security risk management system usingcompany 300.

The vulnerability information providing institution 100 is aninstitution that provides vulnerability information including anoverview of vulnerabilities, a method for investigation, a method forcountermeasures and the like, and it is CERT (Computer EmergencyResponse Team), JPCERT (Japan Computer Emergency Response Team), IPA(Information-technology Promotion Agency) or the like, for example. Thesecurity risk management system providing company 200 is a company thatprovides the security risk management system 305. The security riskmanagement system using company 300 is a company that uses the securityrisk management system 305 provided by the security risk managementsystem providing company 200. The security risk management system usingcompany 300 manages vulnerabilities in terminals 330 of its own companyby using the security risk management system 305.

When software has a vulnerability, the vulnerability informationproviding institution 100 provides a software vendor that has createdthis software with vulnerability information regarding the vulnerabilitybefore its release date and time for the purpose of investigation insome cases. The vulnerability information provided from thevulnerability information providing institution 100 to the softwarevendor can be used by the security risk management system providingcompany 200. However, when it is before the release date and time of thevulnerability information, use of the vulnerability information islimited to one's own use in the security risk management systemproviding company 200. In this manner, the security risk managementsystem providing company 200 is allowed to use, only in its own company,the vulnerability information provided from the vulnerabilityinformation providing institution 100 before the release date and time.

The first embodiment focuses attention on the fact that the securityrisk management system using company 300 can use vulnerabilityinformation before the release date and time provided by thevulnerability information providing institution 100, and completes theinvestigation regarding the presence or absence of vulnerabilities inthe terminals 330 by using the vulnerability information before therelease date and time.

(1-1-2) Configuration of Vulnerability Information Transmission System110

The vulnerability information transmission system 110 transmitsvulnerability information to the vulnerability information distributionsystem 210. Note that the vulnerability information transmission system110 only needs to have the function of transmitting vulnerabilityinformation to the vulnerability information distribution system 210,and this function can be implemented by a known technique, and thereforethe description of its detailed block configuration is omitted.

(1-1-3) Configuration of Vulnerability Information Distribution System210

The vulnerability information distribution system 210 includes avulnerability information receiving unit 211, a vulnerabilityinformation data creation unit 212, a vulnerability information dataencryption unit 213, a common key storage unit 214, a vulnerabilityinformation data storage unit 215, and a vulnerability information datatransmitting unit 216.

The vulnerability information receiving unit 211 receives vulnerabilityinformation from the vulnerability information transmission system 110.The vulnerability information data creation unit 212 createsvulnerability information data in accordance with an operation performedby a vulnerability information data creator based on the vulnerabilityinformation received by the vulnerability information receiving unit211. The vulnerability information data encryption unit 213 encrypts thevulnerability information data created by the vulnerability informationdata creation unit 212 by using a common key. The common key storageunit 214 stores the common key to be used when the vulnerabilityinformation data encryption unit 213 encrypts the vulnerabilityinformation data. The vulnerability information data storage unit 215stores the vulnerability information data created by the vulnerabilityinformation data creation unit 212. The vulnerability information datatransmitting unit 216 reads the vulnerability information data from thevulnerability information data storage unit 215, and transmits the readvulnerability information data to a server 310.

(1-1-4) Configuration of Security Risk Management System 305

The security risk management system 305 includes a server 310 and anagent unit 320. The agent unit 320 is software which is also calledagent software or agent. The agent unit 320 corresponds to the terminal330 whose vulnerabilities are managed by the security risk managementsystem using company 300, and it is installed into the correspondingterminal 330. In FIG. 1, it is assumed that there are a plurality ofterminals 330, and a plurality of agent units 320 respectivelycorresponding to the plurality of terminals 330 are placed; however,when there is one terminal 330, one agent unit 320 is placed.

The server 310 receives vulnerability information data from thevulnerability information distribution system 210, transmits thereceived vulnerability information data to the agent unit 320, and givesan instruction to conduct vulnerability investigation before the releasedate and time of vulnerability information. Further, the server 310receives vulnerability investigation results from the agent unit 320,and displays the vulnerability information and the vulnerabilityinvestigation results on or after the release date and time of thevulnerability information. On the other hand, the agent unit 320receives vulnerability information data from the server 310,investigates the presence or absence of vulnerabilities in thecorresponding terminal 330, and transmits vulnerability investigationresults to the server 310 before the release date and time ofvulnerability information. Further, the agent unit 320 displays thevulnerability information on or after the release date and time of thevulnerability information.

(1-1-5) Configuration of Server 310

The server 310 includes a vulnerability information data receiving unit311, a vulnerability information data storage unit 312, a vulnerabilityinformation data distribution unit 313, a vulnerability investigationresult receiving unit 314, a vulnerability investigation result storageunit 315, a vulnerability release date and time checking unit 316, avulnerability information data decryption unit 317, a common key storageunit 318, and a vulnerability information and investigation resultdisplay unit 319. Note that the vulnerability information datadistribution unit 313 and the vulnerability investigation resultreceiving unit 314 are an example of elements of a communication unit.The vulnerability information and investigation result display unit 319is an example of a presentation unit. The vulnerability information datastorage unit 312 is an example of a vulnerability information storageunit. The vulnerability release date and time checking unit 316 is anexample of a release date and time checking unit. The vulnerabilityinvestigation result storage unit 315 is an example of a vulnerabilityinvestigation result storage unit.

The vulnerability information data receiving unit 311 receivesvulnerability information data from the vulnerability informationdistribution system 210. The vulnerability information data storage unit312 stores the vulnerability information data received by thevulnerability information data receiving unit 311. The vulnerabilityinformation data distribution unit 313 reads the vulnerabilityinformation data from the vulnerability information data storage unit312, and transmits the read vulnerability information data to the agentunit 320. The vulnerability investigation result receiving unit 314receives vulnerability investigation results from the agent unit 320.The vulnerability investigation result storage unit 315 stores thevulnerability investigation results received by the vulnerabilityinvestigation result receiving unit 314. The vulnerability release dateand time checking unit 316 reads the vulnerability information data fromthe vulnerability information data storage unit 312 on a regular basis,checks the release date and time, makes the vulnerability informationdata decryption unit 317 decrypt the vulnerability information datawhose release date and time has passed, and writes the decryptedvulnerability information data back into the vulnerability informationdata storage unit 312. The vulnerability information data decryptionunit 317 receives the vulnerability information data from thevulnerability release date and time checking unit 316, and decrypts thevulnerability information data by using a common key. The common keystorage unit 318 stores the common key to be used when the vulnerabilityinformation data decryption unit 317 decrypts the vulnerabilityinformation data. The vulnerability information and investigation resultdisplay unit 319 reads the vulnerability information data whose releasedate and time has passed from the vulnerability information data storageunit 312, reads the corresponding vulnerability investigation resultsfrom the vulnerability investigation result storage unit 315 based onthe read vulnerability information data, and presents the vulnerabilityinformation and the vulnerability investigation results based on theread vulnerability investigation results. It is assumed hereinafter thatthe presentation is to display the information and the results on ascreen of the server 310.

(1-1-6) Configuration of Agent Unit 320

The agent unit 320 includes a vulnerability information data receivingunit 321, a vulnerability information data storage unit 322, avulnerability investigation unit 323, a vulnerability information datadecryption unit 324, a common key storage unit 325, a vulnerabilityinvestigation result storage unit 326, a vulnerability investigationresult transmitting unit 327, a vulnerability release date and timechecking unit 328, and a vulnerability information display unit 329.Note that the vulnerability information data receiving unit 321 and thevulnerability investigation result transmitting unit 327 are an exampleof components of a communication unit. The vulnerability informationdisplay unit 329 is an example of a presentation unit. The vulnerabilityinformation data storage unit 322 is an example of a vulnerabilityinformation storage unit. The vulnerability release date and timechecking unit 328 is an example of a release date and time checkingunit. The vulnerability investigation result storage unit 326 is anexample of a vulnerability investigation result storage unit.

The vulnerability information data receiving unit 321 receivesvulnerability information data from the server 310. The vulnerabilityinformation data storage unit 322 stores the vulnerability informationdata received by the vulnerability information data receiving unit 321.The vulnerability investigation unit 323 reads the vulnerabilityinformation data from the vulnerability information data storage unit322, makes the vulnerability information data decryption unit 324decrypt the read vulnerability information data, investigates thepresence or absence of vulnerabilities in the corresponding terminal 330based on a method for investigation contained in the decryptedvulnerability information data, and stores vulnerability investigationresults containing results of the investigation into the vulnerabilityinvestigation result storage unit 326. The vulnerability informationdata decryption unit 324 receives the vulnerability information datafrom the vulnerability investigation unit 323 and the vulnerabilityrelease date and time checking unit 328, and decrypts the vulnerabilityinformation data by using a common key. The common key storage unit 325stores the common key to be used when the vulnerability information datadecryption unit 324 decrypts the vulnerability information data. Thevulnerability investigation result storage unit 326 stores thevulnerability investigation results containing the investigation resultsinvestigated by the vulnerability investigation unit 323. Thevulnerability investigation result transmitting unit 327 reads thevulnerability investigation results from the vulnerability investigationresult storage unit 326, and transmits the read vulnerabilityinvestigation results to the server 310. The vulnerability release dateand time checking unit 328 reads the vulnerability information data fromthe vulnerability information data storage unit 322 on a regular basis,checks the release date and time, makes the vulnerability informationdata decryption unit 324 decrypt the vulnerability information datawhose release date and time has passed, and writes the decryptedvulnerability information data back into the vulnerability informationdata storage unit 322. The vulnerability information display unit 329reads the vulnerability information data whose release date and time haspassed from the vulnerability information data storage unit 322, readsthe corresponding vulnerability investigation results from thevulnerability investigation result storage unit 326 based on the readvulnerability information data, and presents the vulnerabilityinformation based on the read vulnerability investigation results. It isassumed hereinafter that the presentation is to display the informationon a screen of the corresponding terminal 330.

Note that the common key storage unit 214 in the vulnerabilityinformation distribution system 210, the common key storage unit 318 inthe server 310, and the common key storage unit 325 in the agent unit320 share a common key, and store the shared common key.

(1-1-7) Hardware Configuration

FIG. 3 shows a configuration example of the hardware configuration of acomputer 400 for implementing the vulnerability information distributionsystem 210 according to the first embodiment. Referring to FIG. 3, thevulnerability information distribution system 210 according to the firstembodiment can be implemented by the computer 400. The computer 400includes a processor 401, a memory 402, a storage 403, an input/outputinterface (input/output I/F) 404, a communication interface(communication I/F) 405 and the like. The processor 401, the memory 402,the storage 403, the input/output interface 404 and the communicationinterface 405 are connected through a data transmission line fortransmitting and receiving data to and from one another.

The processor 401 is a processing unit such as CPU (Central ProcessingUnit) or GPU (Graphics Processing Unit). The memory 402 is a memory suchas RAM (Random Access Memory) or ROM (Read Only Memory). The storage 403is a storage device such as HDD (Hard Disk Drive), SSD (Solid StateDrive) or memory card. Alternatively, the storage 403 may be a memorysuch as RAM or ROM.

The storage 403 stores a program for implementing the function of eachprocessing unit (the vulnerability information receiving unit 211, thevulnerability information data creation unit 212, the vulnerabilityinformation data encryption unit 213, the vulnerability information datatransmitting unit 216 etc.) included in the vulnerability informationdistribution system 210. The processor 401 executes each program andthereby implements the function of each processing unit. The processor401 may execute each program after reading the program onto the memory402, or may execute each program without reading it onto the memory 402.Further, the memory 402 and the storage 403 serve also as the common keystorage unit 214 and the vulnerability information data storage unit215.

The above-described program can be stored and provided to the computer(which includes computer 400) using any type of non-transitory computerreadable medium. The non-transitory computer readable medium includesany type of tangible storage medium. Examples of the non-transitorycomputer readable medium include magnetic storage media (such as floppydisks, magnetic tapes, hard disk drives, etc.), optical magnetic storagemedia (e.g. magneto-optical disks), CD-ROM (Compact Disc-Read OnlyMemory), CD-R (CD-Recordable), CD-R/W (CD-ReWritable), and semiconductormemories (such as mask ROM, PROM (Programmable ROM), EPROM (ErasablePROM), flash ROM, RAM (Random Access Memory), etc.). The program may beprovided to a computer using any type of transitory computer readablemedium. Examples of the transitory computer readable medium includeelectric signals, optical signals, and electromagnetic waves. Thetransitory computer readable medium can provide the program to acomputer via a wired communication line such as an electric wire oroptical fiber or a wireless communication line.

The input/output interface 404 is connected with a display device 4041,an input device 4042 and the like. The display device 4041 is a devicethat displays a screen corresponding to drawing data processed by theprocessor 401, such as LCD (Liquid Crystal Display) or CRT (Cathode RayTube) display. The input device 4042 is a device that receives anoperation input by an operator, such as a keyboard, a mouse or a touchsensor, for example. The display device 4041 and the input device 4042may be integrated and implemented as a touch panel.

The communication interface 405 transmits and receives data to and froman external device. For example, the communication interface 405communicates with an external device through a wired or wirelessnetwork.

Note that the server 310 and the terminal 330 can be implemented by thecomputer 400 shown in FIG. 3.

For example, in the case where the server 310 is implemented by thecomputer 400, the storage 403 stores a program for implementing thefunction of each processing unit (the vulnerability information datareceiving unit 311, the vulnerability information data distribution unit313, the vulnerability investigation result receiving unit 314, thevulnerability release date and time checking unit 316, the vulnerabilityinformation data decryption unit 317, the vulnerability information andinvestigation result display unit 319 etc.) included in the server 310.Further, the memory 402 and the storage 403 serve also as thevulnerability information data storage unit 312, the vulnerabilityinvestigation result storage unit 315 and the common key storage unit318.

In the case where the terminal 330 is implemented by the computer 400,the storage 403 stores a program for implementing the function of eachprocessing unit (the vulnerability information data receiving unit 321,the vulnerability investigation unit 323, the vulnerability informationdata decryption unit 324, the vulnerability investigation resulttransmitting unit 327, the vulnerability release date and time checkingunit 328, the vulnerability information display unit 329 etc.) includedin the agent unit 320. Further, the memory 402 and the storage 403 servealso as the vulnerability information data storage unit 322, the commonkey storage unit 325 and the vulnerability investigation result storageunit 326.

(1-2) Operation of First Embodiment

The operation of the security system according to the first embodimentis described hereinafter in detail.

(1-2-1) First, the operation of the vulnerability informationdistribution system 210 that receives vulnerability information from thevulnerability information transmission system 110, creates vulnerabilityinformation data and transmits it to the server 310 is described withreference to FIG. 4.

Referring to FIG. 4, in the vulnerability information distributionsystem 210, the vulnerability information receiving unit 211 receivesvulnerability information transmitted from the vulnerability informationtransmission system 110 (S101). The vulnerability information containsinformation about an overview of vulnerabilities, information about amethod for investigation, information about a method forcountermeasures, and information about a release date and time. Thevulnerability information receiving unit 211 transmits the receivedvulnerability information to the vulnerability information data creationunit 212. The vulnerability information data creation unit 212 createsvulnerability information data in accordance with an operation performedby a vulnerability information data creator based on the vulnerabilityinformation (S102).

As shown in FIG. 5, the vulnerability information data has a format thatcontains a vulnerability information ID (Identifier), information abouta release date and time, a release flag, information about an overview,information about a method for investigation, and information about amethod for countermeasures. The vulnerability information datacorresponds to data created by adding a vulnerability information ID anda release flag to the vulnerability information (an overview ofvulnerabilities, a method for investigation, a method forcountermeasures, and a release date and time). An ID for uniquelyidentifying the vulnerability information, which is assigned by thevulnerability information data creation unit 212, is set to thevulnerability information ID. Information about the release date andtime contained in the vulnerability information is set to the releasedate and time. 0, which indicates “unreleased”, is set to the releaseflag when the release date and time is after the current date and time,and 1, which indicates “released” is set to the release flag when therelease date and time is before the current date and time. The overview,the method for investigation and the method for countermeasurescontained in the vulnerability information are respectively set to theoverview, the method for investigation and the method forcountermeasures.

When 0, which indicates “unreleased”, is set to the release flag of thevulnerability information data (Yes in S103), the vulnerabilityinformation data creation unit 212 transmits the vulnerabilityinformation data to the vulnerability information data encryption unit213. The vulnerability information data encryption unit 213 reads acommon key from the common key storage unit 214, encrypts informationabout an overview, a method for investigation and a method forcountermeasures in the vulnerability information data by using the readcommon key (S104), and sends the encrypted vulnerability informationdata back to the vulnerability information data creation unit 212. Thevulnerability information data creation unit 212 stores thevulnerability information data encrypted by the vulnerabilityinformation data encryption unit 213 into the vulnerability informationdata storage unit 215 (S105). On the other hand, when 1, which indicates“released”, is set to the vulnerability information data (No in S103),the vulnerability information data creation unit 212 stores thevulnerability information data into the vulnerability information datastorage unit 215 without encrypting it (S105). The vulnerabilityinformation data transmitting unit 216 reads the vulnerabilityinformation data from the vulnerability information data storage unit215 (S106), and transmits the read vulnerability information data to theserver 310 (S107).

(1-2-2) Next, the operation of the server 310 that receivesvulnerability information data from the vulnerability informationdistribution system 210 and transmits vulnerability information data tothe agent unit 320 is described with reference to FIG. 6.

Referring to FIG. 6, in the server 310, the vulnerability informationdata receiving unit 311 receives vulnerability information datatransmitted from the vulnerability information distribution system 210(S201). The vulnerability information data receiving unit 311 stores thereceived vulnerability information data into the vulnerabilityinformation data storage unit 312 (S202). The vulnerability informationdata distribution unit 313 reads the vulnerability information data fromthe vulnerability information data storage unit 312 (S203), andtransmits the read vulnerability information data to the agent unit 320(S204).

In the case where there are a plurality of agent units 320, the server310 transmits the vulnerability information data to each of theplurality of agent units 320.

(1-2-3) The operation of the agent unit 320 that receives vulnerabilityinformation data from the server 310, investigates the presence orabsence of vulnerabilities in the corresponding terminal 330, andtransmits vulnerability investigation results indicating results of theinvestigation to the server 310 is described with reference to FIG. 7.

Referring to FIG. 7, in the agent unit 320, the vulnerabilityinformation data receiving unit 321 receives the vulnerabilityinformation data transmitted from the server 310 (S301). Thevulnerability information data receiving unit 321 stores the receivedvulnerability information data into the vulnerability information datastorage unit 322 (S302). The vulnerability investigation unit 323 readsthe vulnerability information data from the vulnerability informationdata storage unit 322 (S303). When 0, which indicates “unreleased”, isset to the release flag of the read vulnerability information data (Yesin S304), the vulnerability investigation unit 323 transmits thevulnerability information data to the vulnerability information datadecryption unit 324. The vulnerability information data decryption unit324 reads a common key for decryption from the common key storage unit325, decrypts the information about the method for investigation in thevulnerability information data by using the read common key (S305), andsends the decrypted vulnerability information data back to thevulnerability investigation unit 323. The vulnerability investigationunit 323 investigates the presence or absence of vulnerabilities in thecorresponding terminal 330 based on the information about the method forinvestigation in the vulnerability information data decrypted by thevulnerability information data decryption unit 324 (S306). On the otherhand, when 1, which indicates “released”, is set to the release flag ofthe read vulnerability information data (No in S304), because theinformation about the method for investigation in the read vulnerabilityinformation data is not decrypted, the vulnerability investigation unit323 investigates the presence or absence of vulnerabilities in thecorresponding terminal 330 based on the information about the method forinvestigation (S306). The vulnerability investigation unit 323 createsvulnerability investigation results indicating investigation resultsregarding the presence or absence of vulnerabilities in thecorresponding terminal 330 (S307).

The vulnerability investigation results have a format that contains avulnerability information ID, a terminal ID, information about aninvestigation date and time, information about investigation results asshown in FIG. 8. An ID for uniquely identifying the vulnerabilityinformation related to the investigated vulnerabilities, which is thevulnerability information ID contained in the vulnerability informationdata, is set to the vulnerability information ID. An ID for identifyingthe investigated terminal 330 is set to the terminal ID. Informationabout the date and time when investigation is conducted is set to theinvestigation date and time. 0 is set to the investigation results whenthere are no vulnerabilities in the terminal 330, and 1 is set to theinvestigation results when there are vulnerabilities in the terminal330.

The vulnerability investigation unit 323 stores the createdvulnerability investigation results into the vulnerability investigationresult storage unit 326 (S308). The vulnerability investigation resulttransmitting unit 327 reads the vulnerability investigation results fromthe vulnerability investigation result storage unit 326 (S309) andtransmits the read vulnerability investigation results to the server 310(S310).

In the case where there are a plurality of agent units 320, each of theplurality of agent units 320 performs the operation of FIG. 7 describedabove.

(1-2-4) The operation of the server 310 that receives vulnerabilityinvestigation results from the agent unit 320 and stores thevulnerability investigation results into the vulnerability investigationresult storage unit 315 is described with reference to FIG. 9.

Referring to FIG. 9, in the server 310, the vulnerability investigationresult receiving unit 314 receives the vulnerability investigationresults transmitted from the agent unit 320 (S401). The vulnerabilityinvestigation result receiving unit 314 stores the receivedvulnerability investigation results into the vulnerability investigationresult storage unit 315 (S402).

In the case where there are a plurality of agent units 320, the server310 stores the vulnerability investigation results received from each ofthe plurality of agent units 320 into the vulnerability investigationresult storage unit 315.

(1-2-5) The operation of the server 310 that regularly checks thevulnerability information data in the vulnerability information datastorage unit 312, decrypts the vulnerability information data whoserelease date and time is before the current date and time, and storesthe decrypted vulnerability information data again into thevulnerability information data storage unit 312 is described withreference to FIG. 10.

Referring to FIG. 10, in the server 310, the vulnerability release dateand time checking unit 316 checks whether or not the vulnerabilityinformation data whose release flag is 0 indicating “unreleased” isstored in the vulnerability information data storage unit 312 on aregular basis (e.g., once in 10 minutes) (S501), and when suchvulnerability information data is stored (Yes in S501), thevulnerability release date and time checking unit 316 reads one of suchvulnerability information data (S502). When the release date and time ofthe read vulnerability information data is before the current date andtime (Yes in S503), the vulnerability release date and time checkingunit 316 transmits the vulnerability information data to thevulnerability information data decryption unit 317. The vulnerabilityinformation data decryption unit 317 reads a common key for decryptionfrom the common key storage unit 318, decrypts information about theoverview, the method for investigation and the method forcountermeasures in the vulnerability information data by using the readcommon key (S504), and sends the decrypted vulnerability informationdata back to the vulnerability release date and time checking unit 316.The vulnerability release date and time checking unit 316 sets 1, whichindicates “released”, to the release flag of the decrypted vulnerabilityinformation data (S505). The vulnerability release date and timechecking unit 316 stores the decrypted vulnerability information datawhere 1 is set to its release flag again into the vulnerabilityinformation data storage unit 312 (S506). On the other hand, when therelease date and time of the read vulnerability information data isafter the current date and time (No in S503), the vulnerability releasedate and time checking unit 316 stores the read vulnerabilityinformation data again into the vulnerability information data storageunit 312 without making any change (S506). Processing on thevulnerability information data read in S502 thereby ends. When thevulnerability information data whose release flag is 0 indicating“unreleased” is still stored in the vulnerability information datastorage unit 312 (Yes in S507), the vulnerability release date and timechecking unit 316 returns to the processing in S502. On the other hand,when the vulnerability information data whose release flag is 0indicating “unreleased” is not stored in the vulnerability informationdata storage unit 312 anymore (No in S501 and No in S507), thevulnerability release date and time checking unit 316 ends the process.

(1-2-6) The operation of the server 310 that displays the vulnerabilityinformation and the vulnerability investigation results is describedwith reference to FIG. 11.

Referring to FIG. 11, in the server 310, the vulnerability informationand investigation result display unit 319 checks whether or not thevulnerability information data whose release flag is 1 indicating“released” is stored in the vulnerability information data storage unit312 (S601), and when such vulnerability information data is stored (Yesin S601), the vulnerability information and investigation result displayunit 319 reads one of such vulnerability information data (S602). Whenthe vulnerability investigation results having a matching vulnerabilityinformation ID with the read vulnerability information data and whoseinvestigation results are 1 indicating the presence of vulnerabilitiesare stored in the vulnerability investigation result storage unit 315(Yes in S603), the vulnerability information and investigation resultdisplay unit 319 reads all of such vulnerability investigation results(S604). The vulnerability information and investigation result displayunit 319 displays, on a screen of the server 310, the overview and themethod for investigation in the read vulnerability information data anda list of the terminal IDs in the read vulnerability investigationresults (S605). On the other hand, when the vulnerability investigationresults having a matching vulnerability information ID with the readvulnerability information data and whose investigation results are 1indicating the presence of vulnerabilities are not stored in thevulnerability investigation result storage unit 315 (No in S603), thevulnerability information and investigation result display unit 319 doesnot display the results on the screen of the server 310. Processing onthe vulnerability information data read in S602 thereby ends. When thevulnerability information data whose release flag is 1 indicating“released” is still stored in the vulnerability information data storageunit 312 (Yes in S606), the vulnerability information and investigationresult display unit 319 returns to the processing in S602. On the otherhand, when the vulnerability information data whose release flag is 1indicating “released” is not stored in the vulnerability informationdata storage unit 312 anymore (No in S601 and No in S606), thevulnerability information and investigation result display unit 319 endsthe process.

Note that the timing to start the operation of FIG. 11 may be regulartiming, or it may be timing when an operation indicating display ofvulnerability information and vulnerability investigation results isperformed.

(1-2-7) The operation of the agent unit 320 that regularly checks thevulnerability information data in the vulnerability information datastorage unit 322, decrypts the vulnerability information data whoserelease date and time is before the current date and time, and storesthe decrypted vulnerability information data again into thevulnerability information data storage unit 322 is described withreference to FIG. 12.

Referring to FIG. 12, in the agent unit 320, the vulnerability releasedate and time checking unit 328 checks whether or not the vulnerabilityinformation data whose release flag is 0 indicating “unreleased” isstored in the vulnerability information data storage unit 322 on aregular basis (e.g., once in 10 minutes) (S701), and when suchvulnerability information data is stored (Yes in S701), thevulnerability release date and time checking unit 328 reads one of suchvulnerability information data (S702). When the release date and time ofthe read vulnerability information data is before the current date andtime (Yes in S703), the vulnerability release date and time checkingunit 328 transmits the vulnerability information data to thevulnerability information data decryption unit 324. The vulnerabilityinformation data decryption unit 324 reads a common key for decryptionfrom the common key storage unit 325, decrypts information about theoverview, the method for investigation and the method forcountermeasures in the vulnerability information data by using the readcommon key (S704), and sends the decrypted vulnerability informationdata back to the vulnerability release date and time checking unit 328The vulnerability release date and time checking unit 328 sets 1, whichindicates “released”, to the release flag of the decrypted vulnerabilityinformation data (S705). The vulnerability release date and timechecking unit 328 stores the decrypted vulnerability information datawhere 1 is set to its release flag again into the vulnerabilityinformation data storage unit 322 (S706). On the other hand, when therelease date and time of the read vulnerability information data isafter the current date and time (Yes in S703), the vulnerability releasedate and time checking unit 328 stores the read vulnerabilityinformation data again into the vulnerability information data storageunit 322 without making any change (S706). Processing on thevulnerability information data read in S702 thereby ends. When thevulnerability information data whose release flag is 0 indicating“unreleased” is still stored in the vulnerability information datastorage unit 322 (Yes in S707), the vulnerability release date and timechecking unit 328 returns to the processing in S702. On the other hand,when the vulnerability information data whose release flag is 0indicating “unreleased” is not stored in the vulnerability informationdata storage unit 322 anymore (No in S701 and No in S707), thevulnerability release date and time checking unit 328 ends the process.

In the case where there are a plurality of agent units 320, each of theplurality of agent units 320 performs the operation of FIG. 12 describedabove.

(1-2-8) The operation of the agent unit 320 that displays thevulnerability information is described with reference to FIG. 13.

Referring to FIG. 13, in the agent unit 320, the vulnerabilityinformation display unit 329 checks whether or not the vulnerabilityinformation data whose release flag is 1 indicating “released” is storedin the vulnerability information data storage unit 322 (S801), and whensuch vulnerability information data is stored (Yes in S801), thevulnerability information display unit 329 reads one of suchvulnerability information data (S802). When the vulnerabilityinvestigation results having a matching vulnerability information IDwith the read vulnerability information data and whose investigationresults are 1 indicating the presence of vulnerabilities are stored inthe vulnerability investigation result storage unit 326 (Yes in S803),the vulnerability information display unit 329 reads such vulnerabilityinvestigation results (S804). The vulnerability information display unit329 displays, on a screen of the corresponding terminal 330, theoverview and the method for investigation in the read vulnerabilityinformation data (S805). On the other hand, when the vulnerabilityinvestigation results having a matching vulnerability information IDwith the read vulnerability information data and whose investigationresults are 1 indicating the presence of vulnerabilities are not storedin the vulnerability investigation result storage unit 326 (No in S803),the vulnerability information display unit 329 does not display theresults on the screen of the corresponding terminal 330. Processing onthe vulnerability information data read in S802 thereby ends. When thevulnerability information data whose release flag is 1 indicating“released” is still stored in the vulnerability information data storageunit 322 (Yes in S806), the vulnerability information display unit 329returns to the processing in S802. On the other hand, when thevulnerability information data whose release flag is 1 indicating“released” is not stored in the vulnerability information data storageunit 322 anymore (No in S801 and No in S806), the vulnerabilityinformation display unit 329 ends the process.

Note that the timing to start the operation of FIG. 13 may be regulartiming, or it may be timing when an operation indicating display ofvulnerability information is performed.

In the case where there are a plurality of agent units 320, each of theplurality of agent units 320 performs the operation of FIG. 13 describedabove.

(1-3) Effects of First Embodiment

As described above, according to the first embodiment, the server 310transmits encrypted vulnerability information to the agent unit 320 sothat the investigation regarding the presence or absence ofvulnerabilities in the terminal 330 is completed before a release dateand time, and then displays vulnerability investigation results on orafter the release date and time.

Therefore, a security administrator of the security risk managementsystem using company 300 can know investigation results regarding thepresence or absence of vulnerabilities in the terminals 330 of its owncompany on the release date and time of the vulnerability information,and immediately take the next step of developing countermeasures againstvulnerabilities. It is thereby possible to reduce the time needed totake countermeasures against vulnerabilities.

It should be noted that, according to the first embodiment, thevulnerability information is decrypted for vulnerability investigationbefore a release date and time of the vulnerability information in thesecurity risk management system 305. However, the decryptedvulnerability information is displayed on or after the release date andtime. Thus, a security administrator and employees of the security riskmanagement system using company 300 are not able to see thevulnerability information before the release date and time, andtherefore the secrecy of the vulnerability information is ensured.

(2) Second Embodiment

A second embodiment corresponds to one embodiment where the dominantconception of the above-described first embodiment is extracted. FIG. 14shows a block configuration example of a security risk management system305 according to the second embodiment.

Referring to FIG. 14, the security risk management system 305 accordingto the second embodiment includes a server 310 and an agent unit 320,just like in the first embodiment. The agent unit 320 corresponds to theterminal 330 whose vulnerabilities are to be managed (see FIG. 1), andit is installed into the corresponding terminal 330. Although FIG. 14shows an example in which one agent unit 320 corresponding to oneterminal 330 is placed, if there are a plurality of terminals 330, aplurality of agent units 320 respectively corresponding to the pluralityof terminals 330 are placed.

The server 310 includes a communication unit 3101 and a presentationunit 3102. The communication unit 3101 corresponds to an element thatcombines the vulnerability information data distribution unit 313 andthe vulnerability investigation result receiving unit 314 according tothe first embodiment described above. The presentation unit 3102corresponds to the vulnerability information and investigation resultdisplay unit 319 according to the first embodiment described above.

The agent unit 320 includes a communication unit 3201 and aninvestigation unit 3202. The communication unit 3201 corresponds to anelement that combines the vulnerability information data receiving unit321 and the vulnerability investigation result transmitting unit 327according to the first embodiment described above. The investigationunit 3202 corresponds to the vulnerability investigation unit 323according to the first embodiment described above.

The operation of the security risk management system 305 according tothe second embodiment is described hereinafter with reference to FIG.15.

Referring to FIG. 15, in the server 310, the communication unit 3101transmits vulnerability information to the agent unit 320 before therelease date and time of the vulnerability information (S901). In thecase where there are a plurality of agent units 320, the server 310transmits vulnerability information to each of the plurality of agentunits 320.

In the agent unit 320, the communication unit 3201 receivesvulnerability information transmitted from the server 310 before therelease date and time of the vulnerability information (S902). Theinvestigation unit 3202 investigates the presence or absence ofvulnerabilities in the corresponding terminal 330 based on the methodfor investigation contained in the vulnerability information before therelease date and time of the vulnerability information (S903). Further,the investigation unit 3202 transmits vulnerability investigationresults containing investigation results regarding the presence orabsence of vulnerabilities in the terminal 330 to the server 310 beforethe release date and time of the vulnerability information (S904). Inthe case where there are a plurality of agent units 320, each of theplurality of agent units 320 performs the operations of S902 to S904described above.

In the server 310, the communication unit 3101 receives thevulnerability investigation results transmitted from the agent unit 320before the release date and time of the vulnerability information(S905). The presentation unit 3102 presents the vulnerabilityinformation and the vulnerability investigation results (for example,displays them on a screen of the server 310) on or after the releasedate and time of the vulnerability information (S906).

As described above, according to the second embodiment, the server 310transmits vulnerability information to the agent unit 320 so that theinvestigation regarding the presence or absence of vulnerabilities inthe terminal 330 is completed before a release date and time, and thenpresents vulnerability investigation results on or after the releasedate and time.

Therefore, a security administrator can know investigation resultsregarding the presence or absence of vulnerabilities in the terminals330 on the release date and time of the vulnerability information, andimmediately take the next step of developing countermeasures againstvulnerabilities. It is thereby possible to reduce the time needed totake countermeasures against vulnerabilities.

Note that, although the operations of the elements of the server 310 andthe agent unit 320 according to the second embodiment are brieflydescribed above, the elements of the server 310 and the agent unit 320according to the second embodiment may perform the same operations asthe corresponding elements in the first embodiment described above.Further, the server 310 and the agent unit 320 according to the secondembodiment may further include another element included in the server310 and the agent unit 320 according to the first embodiment describedabove.

While the present disclosure has been particularly shown and describedwith reference to embodiments thereof, the present disclosure is notlimited to these embodiments. It will be understood by those of ordinaryskill in the art that various changes in form and details may be madetherein without departing from the spirit and scope of the presentdisclosure as defined by the claims.

For example, although the agent unit investigates the presence orabsence of vulnerabilities in a terminal in the above-describedembodiments, the server may investigate the presence or absence ofvulnerabilities in a terminal. In this case, the agent unit may collectonly information necessary for investigation from the terminal, andtransmits the collected information to the server. The serverinvestigates the presence or absence of vulnerabilities in each terminalbased on the information collected from each agent unit.

Further, although vulnerability information data whose release flagindicates “released” is read, and then vulnerability investigationresults are read based on the read vulnerability information data asshown in FIGS. 11 and 13 in the first embodiment described above, it isnot limited thereto. For example, vulnerability investigation resultsindicating the presence of vulnerabilities may be read first, and thenvulnerability information data may be read based on the readvulnerability investigation results.

Furthermore, although a plurality of steps (processing steps) aresequentially described in the plurality of flowcharts used in thedescription above, the order of performing the steps to be performed inthe above-described embodiments is not limited to the sequence describedabove. In the above-described embodiments, the sequence of steps shownin the figures may be changed as appropriate.

Further, the whole or part of the embodiments disclosed above can bedescribed as, but not limited to, the following supplementary notes.

(Supplementary Note 1)

A security risk management system comprising:

a server; and

an agent unit included in a terminal, wherein

the server transmits vulnerability information to the agent unit beforea release date and time of the vulnerability information,

the agent unit investigates presence or absence of vulnerabilities inthe terminal based on information regarding a method for vulnerabilityinvestigation contained in the vulnerability information, and transmitsvulnerability investigation results containing the investigation resultsto the server before the release date and time of the vulnerabilityinformation, and

the server presents the vulnerability information and the vulnerabilityinvestigation results on or after the release date and time of thevulnerability information.

(Supplementary Note 2)

The security risk management system according to Supplementary Note 1,wherein

the server transmits the vulnerability information to the agent unitbefore a release date and time of the vulnerability information, thevulnerability information containing encrypted information regarding amethod for vulnerability investigation, and

the agent unit decrypts the information regarding a method forvulnerability investigation contained in the vulnerability information,and investigates presence or absence of vulnerabilities in the terminalbased on the decrypted information regarding a method for vulnerabilityinvestigation before the release date and time of the vulnerabilityinformation.

(Supplementary Note 3)

The security risk management system according to Supplementary Note 1 or2, wherein the server stores the vulnerability information before arelease date and time of the vulnerability information, thevulnerability information containing encrypted information regarding anoverview of vulnerabilities, a method for investigation and a method forcountermeasures, and transmits the vulnerability information to theagent unit before the release date and time of the vulnerabilityinformation, the vulnerability information containing the encryptedinformation regarding an overview of vulnerabilities, a method forinvestigation and a method for countermeasures, and

the agent unit stores the vulnerability information before the releasedate and time of the vulnerability information, the vulnerabilityinformation containing the encrypted information regarding an overviewof vulnerabilities, a method for investigation and a method forcountermeasures.

(Supplementary Note 4)

The security risk management system according to Supplementary Note 3,wherein

a release flag to which a value indicating whether the vulnerabilityinformation is unreleased or released is set is added to thevulnerability information,

the server reads the vulnerability information to which the release flagto which a value indicating “unreleased” is set is added from among thestored vulnerability information, and

when a release date and time contained in the read vulnerabilityinformation is before a current date and time, the server decrypts theinformation regarding an overview of vulnerabilities, a method forinvestigation and a method for countermeasures contained in the readvulnerability information, sets a value indicating “released” to therelease flag added to the read vulnerability information, and stores theread vulnerability information again.

(Supplementary Note 5)

The security risk management system according to Supplementary Note 4,wherein

a vulnerability information ID for identifying the vulnerabilityinformation is further added to the vulnerability information,

the vulnerability investigation results contain a vulnerabilityinformation ID for identifying the vulnerability information related toinvestigated vulnerabilities, a terminal ID for identifying theterminal, and investigation results indicating presence or absence ofvulnerabilities in the terminal,

the server stores the vulnerability investigation results, reads thevulnerability information to which the release flag to which a valueindicating “released” is set is added from among the storedvulnerability information, reads the vulnerability investigation resultscontaining the vulnerability information ID matching with the readvulnerability information and containing investigation resultsindicating presence of vulnerabilities in the terminal from among thestored vulnerability investigation results, and presents an overview anda method for countermeasures contained in the read vulnerabilityinformation and presents the terminal ID contained in the readvulnerability investigation results.

(Supplementary Note 6)

The security risk management system according to Supplementary Note 3,wherein

a release flag to which a value indicating whether the vulnerabilityinformation is unreleased or released is set is added to thevulnerability information,

the agent unit reads the vulnerability information to which the releaseflag to which a value indicating “unreleased” is set is added from amongthe stored vulnerability information, and

when a release date and time contained in the read vulnerabilityinformation is before a current date and time, the agent unit decryptsthe information regarding an overview of vulnerabilities, a method forinvestigation and a method for countermeasures contained in the readvulnerability information, sets a value indicating “released” to therelease flag added to the read vulnerability information, and stores theread vulnerability information again.

(Supplementary Note 7)

The security risk management system according to Supplementary Note 6,wherein

a vulnerability information ID for identifying the vulnerabilityinformation is further added to the vulnerability information,

the vulnerability investigation results contain a vulnerabilityinformation ID for identifying the vulnerability information related toinvestigated vulnerabilities, a terminal ID for identifying theterminal, and investigation results indicating presence or absence ofvulnerabilities in the terminal,

the agent unit stores the vulnerability investigation results, reads thevulnerability information to which the release flag to which a valueindicating “released” is set is added from among the storedvulnerability information, and when the vulnerability investigationresults containing the vulnerability information ID matching with theread vulnerability information and containing investigation resultsindicating presence of vulnerabilities in the terminal are included inthe stored vulnerability investigation results, presents an overview anda method for countermeasures contained in the read vulnerabilityinformation.

(Supplementary Note 8)

A server comprising:

a communication unit configured to transmit, to an agent unit includedin a terminal, vulnerability information before a release date and timeof the vulnerability information, and receives, from the agent unit,vulnerability investigation results containing investigation resultsregarding presence or absence of vulnerabilities in the terminalinvestigated by the agent unit based on information regarding a methodfor vulnerability investigation contained in the vulnerabilityinformation before the release date and time of the vulnerabilityinformation, and

a presentation unit configured to present the vulnerability informationand the vulnerability investigation results on or after the release dateand time of the vulnerability information.

(Supplementary Note 9)

The server according to Supplementary Note 8, wherein the communicationunit transmits the vulnerability information to the agent unit before arelease date and time of the vulnerability information, thevulnerability information containing encrypted information regarding amethod for vulnerability investigation.

(Supplementary Note 10)

The server according to Supplementary Note 8 or 9, further comprising:

a vulnerability information storage unit configured to store thevulnerability information before a release date and time of thevulnerability information, the vulnerability information containingencrypted information regarding an overview of vulnerabilities, a methodfor investigation and a method for countermeasures, wherein

the communication unit transmits the vulnerability information to theagent unit before the release date and time of the vulnerabilityinformation, the vulnerability information containing the encryptedinformation regarding an overview of vulnerabilities, a method forinvestigation and a method for countermeasures.

(Supplementary Note 11)

The server according to Supplementary Note 10, further comprising:

a release date and time checking unit, wherein

a release flag to which a value indicating whether the vulnerabilityinformation is unreleased or released is set is added to thevulnerability information,

the release date and time checking unit reads the vulnerabilityinformation to which the release flag to which a value indicating“unreleased” is set is added from among the vulnerability informationstored in the vulnerability information storage unit, and

when a release date and time contained in the read vulnerabilityinformation is before a current date and time, the release date and timechecking unit decrypts the information regarding an overview ofvulnerabilities, a method for investigation and a method forcountermeasures contained in the read vulnerability information, sets avalue indicating “released” to the release flag added to the readvulnerability information, and stores the read vulnerability informationagain into the vulnerability information storage unit.

(Supplementary Note 12)

The server according to Supplementary Note 11, further comprising:

a vulnerability investigation result storage unit configured to storethe vulnerability investigation results, wherein

a vulnerability information ID for identifying the vulnerabilityinformation is further added to the vulnerability information,

the vulnerability investigation results contain a vulnerabilityinformation ID for identifying the vulnerability information related toinvestigated vulnerabilities, a terminal ID for identifying theterminal, and investigation results indicating presence or absence ofvulnerabilities in the terminal,

the presentation unit reads the vulnerability information to which therelease flag to which a value indicating “released” is set is added fromamong the vulnerability information stored in the vulnerabilityinformation storage unit, reads the vulnerability investigation resultscontaining the vulnerability information ID matching with the readvulnerability information and containing investigation resultsindicating presence of vulnerabilities in the terminal from among thevulnerability investigation results stored in the vulnerabilityinvestigation result storage unit, and presents an overview and a methodfor countermeasures contained in the read vulnerability information andpresents the terminal ID contained in the read vulnerabilityinvestigation results.

(Supplementary Note 13)

A control method of a server, comprising:

a transmission step of transmitting, to an agent unit included in aterminal, vulnerability information before a release date and time ofthe vulnerability information;

a step of receiving, from the agent unit, vulnerability investigationresults containing investigation results regarding presence or absenceof vulnerabilities in the terminal investigated by the agent unit basedon information regarding a method for vulnerability investigationcontained in the vulnerability information before the release date andtime of the vulnerability information; and

a presentation step of presenting the vulnerability information and thevulnerability investigation results on or after the release date andtime of the vulnerability information.

(Supplementary Note 14)

The control method according to Supplementary Note 13, wherein thetransmission step transmits the vulnerability information to the agentunit before a release date and time of the vulnerability information,the vulnerability information containing encrypted information regardinga method for vulnerability investigation.

(Supplementary Note 15)

The control method according to Supplementary Note 13 or 14, furthercomprising:

a step of storing, into a vulnerability information storage unit, thevulnerability information before a release date and time of thevulnerability information, the vulnerability information containingencrypted information regarding an overview of vulnerabilities, a methodfor investigation and a method for countermeasures, wherein

the transmission step transmits the vulnerability information to theagent unit before the release date and time of the vulnerabilityinformation, the vulnerability information containing the encryptedinformation regarding an overview of vulnerabilities, a method forinvestigation and a method for countermeasures.

(Supplementary Note 16)

The control method according to Supplementary Note 15, wherein

a release flag to which a value indicating whether the vulnerabilityinformation is unreleased or released is set is added to thevulnerability information, and

the control method further comprises:

a step of reading the vulnerability information to which the releaseflag to which a value indicating “unreleased” is set is added from amongthe vulnerability information stored in the vulnerability informationstorage unit, and

a step of, when a release date and time contained in the readvulnerability information is before a current date and time, decryptingthe information regarding an overview of vulnerabilities, a method forinvestigation and a method for countermeasures contained in the readvulnerability information, setting a value indicating “released” to therelease flag added to the read vulnerability information, and storingthe read vulnerability information again into the vulnerabilityinformation storage unit.

(Supplementary Note 17)

The control method according to Supplementary Note 16, wherein

a vulnerability information ID for identifying the vulnerabilityinformation is further added to the vulnerability information,

the vulnerability investigation results contain a vulnerabilityinformation ID for identifying the vulnerability information related toinvestigated vulnerabilities, a terminal ID for identifying theterminal, and investigation results indicating presence or absence ofvulnerabilities in the terminal,

the control method further comprises:

a step of storing the vulnerability investigation results into avulnerability investigation result storage unit,

a step of reading the vulnerability information to which the releaseflag to which a value indicating “released” is set is added from amongthe vulnerability information stored in the vulnerability informationstorage unit,

a step of reading the vulnerability investigation results containing thevulnerability information ID matching with the read vulnerabilityinformation and containing investigation results indicating presence ofvulnerabilities in the terminal from among the vulnerabilityinvestigation results stored in the vulnerability investigation resultstorage unit, and

the presentation step presents an overview and a method forcountermeasures contained in the read vulnerability information, andpresents the terminal ID contained in the read vulnerabilityinvestigation results.

(Supplementary Note 18)

A non-transitory computer readable medium storing a program causing acomputer to execute:

a transmission step of transmitting, to an agent unit included in aterminal, vulnerability information before a release date and time ofthe vulnerability information;

a step of receiving, from the agent unit, vulnerability investigationresults containing investigation results regarding presence or absenceof vulnerabilities in the terminal investigated by the agent unit basedon information regarding a method for vulnerability investigationcontained in the vulnerability information before a release date andtime of the vulnerability information; and

a presentation step of presenting the vulnerability information and thevulnerability investigation results on or after the release date andtime of the vulnerability information.

(Supplementary Note 19)

The non-transitory computer readable medium according to SupplementaryNote 18, wherein the transmission step transmits the vulnerabilityinformation to the agent unit before a release date and time of thevulnerability information, the vulnerability information containingencrypted information regarding a method for vulnerabilityinvestigation.

(Supplementary Note 20)

The non-transitory computer readable medium according to SupplementaryNote 18 or 19, wherein the program causes the computer to furtherexecute:

a step of storing, into a vulnerability information storage unit, thevulnerability information before a release date and time of thevulnerability information, the vulnerability information containingencrypted information regarding an overview of vulnerabilities, a methodfor investigation and a method for countermeasures, wherein

the transmission step transmits the vulnerability information to theagent unit before the release date and time of the vulnerabilityinformation, the vulnerability information containing the encryptedinformation regarding an overview of vulnerabilities, a method forinvestigation and a method for countermeasures.

(Supplementary Note 21)

The non-transitory computer readable medium according to SupplementaryNote 20, wherein

a release flag to which a value indicating whether the vulnerabilityinformation is unreleased or released is set is added to thevulnerability information, and

the program causes the computer to further execute:

a step of reading the vulnerability information to which the releaseflag to which a value indicating “unreleased” is set is added from amongthe vulnerability information stored in the vulnerability informationstorage unit, and

a step of, when a release date and time contained in the readvulnerability information is before a current date and time, decryptingthe information regarding an overview of vulnerabilities, a method forinvestigation and a method for countermeasures contained in the readvulnerability information, setting a value indicating “released” to therelease flag added to the read vulnerability information, and storingthe read vulnerability information again into the vulnerabilityinformation storage unit.

(Supplementary Note 22)

The non-transitory computer readable medium according to SupplementaryNote 21, wherein

a vulnerability information ID for identifying the vulnerabilityinformation is further added to the vulnerability information,

the vulnerability investigation results contain a vulnerabilityinformation ID for identifying the vulnerability information related toinvestigated vulnerabilities, a terminal ID for identifying theterminal, and investigation results indicating presence or absence ofvulnerabilities in the terminal,

the program causes the computer to further execute:

a step of storing the vulnerability investigation results into avulnerability investigation result storage unit,

a step of reading the vulnerability information to which the releaseflag to which a value indicating “released” is set is added from amongthe vulnerability information stored in the vulnerability informationstorage unit,

a step of reading the vulnerability investigation results containing thevulnerability information ID matching with the read vulnerabilityinformation and containing investigation results indicating presence ofvulnerabilities in the terminal from among the vulnerabilityinvestigation results stored in the vulnerability investigation resultstorage unit, and

the presentation step presents an overview and a method forcountermeasures contained in the read vulnerability information, andpresents the terminal ID contained in the read vulnerabilityinvestigation results.

(Supplementary Note 23)

A non-transitory computer readable medium storing a program causing acomputer to execute:

a receiving step of receiving, from a server, vulnerability informationbefore a release date and time of the vulnerability information;

an investigation step of investing presence or absence ofvulnerabilities in a terminal based on information regarding a methodfor vulnerability investigation contained in the vulnerabilityinformation before a release date and time of the vulnerabilityinformation; and

a step of transmitting, to the server, vulnerability investigationresults containing investigation results in the investigation stepbefore the release date and time of the vulnerability information.

(Supplementary Note 24)

The non-transitory computer readable medium according to SupplementaryNote 23, wherein

the receiving step receives, from the server, the vulnerabilityinformation before a release date and time of the vulnerabilityinformation, the vulnerability information containing encryptedinformation regarding a method for vulnerability investigation, and

the investigation step decrypts the information regarding a method forvulnerability investigation contained in the vulnerability information,and investigates presence or absence of vulnerabilities in the terminalbased on the decrypted information regarding a method for vulnerabilityinvestigation before the release date and time of the vulnerabilityinformation.

(Supplementary Note 25)

The non-transitory computer readable medium according to SupplementaryNote 23 or 24, wherein

the receiving step receives, from the server, the vulnerabilityinformation before a release date and time of the vulnerabilityinformation, the vulnerability information containing encryptedinformation regarding an overview of vulnerabilities, a method forinvestigation and a method for countermeasures, and

the program causes the computer to further execute:

a step of storing the vulnerability information into a vulnerabilityinformation storage unit before the release date and time of thevulnerability information, the vulnerability information containing theencrypted information regarding an overview of vulnerabilities, a methodfor investigation and a method for countermeasures.

(Supplementary Note 26)

The non-transitory computer readable medium according to SupplementaryNote 25, wherein

a release flag to which a value indicating whether the vulnerabilityinformation is unreleased or released is set is added to thevulnerability information,

the program causes the computer to further execute:

a step of reading the vulnerability information to which the releaseflag to which a value indicating “unreleased” is set is added from amongthe vulnerability information stored in the vulnerability informationstorage unit, and

a step of, when a release date and time contained in the readvulnerability information is before a current date and time, decryptingthe information regarding an overview of vulnerabilities, a method forinvestigation and a method for countermeasures contained in the readvulnerability information, setting a value indicating “released” to therelease flag added to the read vulnerability information, and storingthe read vulnerability information again into the vulnerabilityinformation storage unit.

(Supplementary Note 27)

The non-transitory computer readable medium according to SupplementaryNote 26, wherein

a vulnerability information ID for identifying the vulnerabilityinformation is further added to the vulnerability information,

the vulnerability investigation results contain a vulnerabilityinformation ID for identifying the vulnerability information related toinvestigated vulnerabilities, a terminal ID for identifying theterminal, and investigation results indicating presence or absence ofvulnerabilities in the terminal,

the program causes the computer to further execute:

a step of storing the vulnerability investigation results into avulnerability investigation result storage unit,

a step of reading the vulnerability information to which the releaseflag to which a value indicating “released” is set is added from amongthe vulnerability information stored in the vulnerability informationstorage unit, and

a step of, when the vulnerability investigation results containing thevulnerability information ID matching with the read vulnerabilityinformation and containing investigation results indicating presence ofvulnerabilities in the terminal are included in the vulnerabilityinvestigation results stored in the vulnerability investigation resultstorage unit, presenting an overview and a method for countermeasurescontained in the read vulnerability information.

REFERENCE SIGNS LIST

-   100 VULNERABILITY INFORMATION PROVIDING INSTITUTION-   110 VULNERABILITY INFORMATION TRANSMISSION SYSTEM-   200 SECURITY RISK MANAGEMENT SYSTEM PROVIDING COMPANY-   210 VULNERABILITY INFORMATION DISTRIBUTION SYSTEM-   211 VULNERABILITY INFORMATION RECEIVING UNIT-   212 VULNERABILITY INFORMATION DATA CREATION UNIT-   213 VULNERABILITY INFORMATION DATA ENCRYPTION UNIT-   214 COMMON KEY STORAGE UNIT-   215 VULNERABILITY INFORMATION DATA STORAGE UNIT-   216 VULNERABILITY INFORMATION DATA TRANSMITTING UNIT-   300 SECURITY RISK MANAGEMENT SYSTEM USING COMPANY-   305 SECURITY RISK MANAGEMENT SYSTEM-   310 SERVER-   311 VULNERABILITY INFORMATION DATA RECEIVING UNIT-   312 VULNERABILITY INFORMATION DATA STORAGE UNIT-   313 VULNERABILITY INFORMATION DATA DISTRIBUTION UNIT-   314 VULNERABILITY INVESTIGATION RESULT RECEIVING UNIT-   315 VULNERABILITY INVESTIGATION RESULT STORAGE UNIT-   316 VULNERABILITY RELEASE DATE AND TIME CHECKING UNIT 316-   317 VULNERABILITY INFORMATION DATA DECRYPTION UNIT-   318 COMMON KEY STORAGE UNIT-   319 VULNERABILITY INFORMATION AND INVESTIGATION RESULT DISPLAY UNIT-   3101 COMMUNICATION UNIT-   3102 PRESENTATION UNIT-   320 AGENT UNIT-   321 VULNERABILITY INFORMATION DATA RECEIVING UNIT-   322 VULNERABILITY INFORMATION DATA STORAGE UNIT-   323 VULNERABILITY INVESTIGATION UNIT-   324 VULNERABILITY INFORMATION DATA DECRYPTION UNIT-   325 COMMON KEY STORAGE UNIT-   326 VULNERABILITY INVESTIGATION RESULT STORAGE UNIT-   327 VULNERABILITY INVESTIGATION RESULT TRANSMITTING UNIT-   328 VULNERABILITY RELEASE DATE AND TIME CHECKING UNIT-   329 VULNERABILITY INFORMATION DISPLAY UNIT-   3201 COMMUNICATION UNIT-   3202 INVESTIGATION UNIT-   330 TERMINAL-   400 COMPUTER-   401 PROCESSOR-   402 MEMORY-   403 STORAGE-   404 INPUT/OUTPUT INTERFACE-   4041 DISPLAY DEVICE-   4042 INPUT DEVICE-   405 COMMUNICATION INTERFACE

1-15. (canceled)
 16. A method performed by a terminal, the methodcomprising: receiving, from a server, vulnerability informationconcerning vulnerability, including a release date and time, and amethod for investigation, before the release date and time, wherein thevulnerability information is received by the server from a vulnerabilityinformation distribution system; and investigating the terminal usingthe method for investigation.
 17. The method according to claim 16,wherein the investigating is performed before the release date and time.18. The method according to claim 16, further comprising: sending aresult of the investigating to the server.
 19. The method according toclaim 16, wherein the vulnerability information is encrypted, and themethod further comprising: decrypting the encrypted vulnerabilityinformation before the investigating is performed.
 20. A methodcomprising: receiving, from a vulnerability information distributionsystem, vulnerability information concerning vulnerability, including arelease date and time, and a method for investigation; transmitting thevulnerability information to a terminal before the release date andtime; and receiving, from the terminal, a result of investigationperformed in the terminal using the method for investigation.
 21. Themethod according to claim 20, further comprising: displaying the resultbefore the release date and time.
 22. A method for a system including aserver and a terminal comprising: receiving, by the server from avulnerability information distribution system, vulnerability informationconcerning vulnerability, including a release date and time, and amethod for investigation; transmitting, by the server, the vulnerabilityinformation to the terminal before the release date and time;investigating the terminal using the method for investigation; andreceiving, from the terminal, a result of the investigating.
 23. Aterminal comprising: one or more processors; and one or more memoriesstoring executable instructions that, when executed by the one or moreprocessors, causes the one or more processors to perform: receiving,from a server, vulnerability information concerning vulnerability,including a release date and time, and a method for investigation,before the release date and time, wherein the vulnerability informationis received by the server from a vulnerability information distributionsystem; and investigating the terminal using the method forinvestigation.
 24. The terminal according to claim 23, wherein theinvestigating is performed before the release date and time.
 25. Theterminal according to claim 23, wherein the one or more processorsfurther perform sending a result of the investigating to the server. 26.The terminal according to claim 23, wherein the vulnerabilityinformation is encrypted, and the one or more processors further performdecrypting the encrypted vulnerability information before theinvestigating is performed.
 27. A server comprising: one or moreprocessors; and one or more memories storing executable instructionsthat, when executed by the one or more processors, causes the one ormore processors to perform: receiving, from a vulnerability informationdistribution system, vulnerability information concerning vulnerability,including a release date and time, and a method for investigation;transmitting the vulnerability information to a terminal before therelease date and time; and receiving, from the terminal, a result ofinvestigation performed in the terminal using the method forinvestigation.
 28. The server according to claim 20, wherein the one ormore processors further perform: displaying the result before therelease date and time.
 29. A system comprising: a terminal; a server;one or more processors; and one or more memories storing executableinstructions that, when executed by the one or more processors, causesthe one or more processors to perform: receiving, by the server from avulnerability information distribution system, vulnerability informationconcerning vulnerability, including a release date and time, and amethod for investigation; transmitting, by the server, the vulnerabilityinformation to a terminal before the release date and time;investigating the terminal using the method for investigation; andreceiving, from the terminal, a result of the investigating.
 30. Anon-transitory computer readable information recording medium storing aprogram, that when executed by a processor, causes the processor toexecute: receiving, from a server, vulnerability information concerningvulnerability, including a release date and time, and a method forinvestigation, before the release date and time, wherein thevulnerability information is received by the server from a vulnerabilityinformation distribution system; and investigating the terminal usingthe method for investigation.
 31. A non-transitory computer readableinformation recording medium storing a program, that when executed by aprocessor, causes the processor to execute: receiving, from avulnerability information distribution system, vulnerability informationconcerning vulnerability, including a release date and time, and amethod for investigation; transmitting the vulnerability information toa terminal before the release date and time; and receiving, from theterminal, a result of investigation performed in the terminal using themethod for investigation.